February 2013

In a 4-3 decision last week in Apple v. Superior Court, the California Supreme Court ruled that the state’s privacy statute restricting retailers from collecting personal information as part of credit card transactions does not apply to online sales of downloadable materials.

The Song-Beverly Credit Card Act of 1971 governs the issuance and use of credit cards. Section 1747.08(a) of the Act prohibits retailers from requesting or requiring the cardholder to provide personal identification information, which the retailer writes or otherwise records upon the credit card transaction form, or from using preprinted spaces designed for filling in the cardholder’s personal identification information. In 2011, the California Supreme Court found in Pineda v. Williams-Sonoma Stores, Inc., 51 Cal.4th 524, that Williams-Sonoma violated §1747.08(a) when it requested and recorded a customer’s ZIP code during a credit card transaction.

In Apple v. Superior Court, the plaintiff was an Apple customer who purchased electronically downloadable products via the Internet. The plaintiff alleged that Apple violated §1747.08(a) when it requested his address and telephone number as a condition of accepting his credit card as payment. Relying on the fact that the statute was enacted before online commerce existed, the high court looked to the legislative intent behind §1747.08(a. The court, citing to Pineda, found that the underlying purpose of the statute was to “address the misuse of personal identification information for, inter alia, marketing purposes” and “to prohibit businesses from requiring information that merchants, banks or credit card companies do not require or need.” See also Absher v. AutoZone, Inc., (2008) 164 Cal.App.4th 332, 345. However, the court found that this legislative intent was not to achieve privacy protection at the expense of exposing consumers and retailers to undue risks of fraud.

The court recognized the severe disadvantage online retailers have compared to brick-and-mortar retailers. For example, during an in-store transaction, a merchant can verify the identification of the cardholder by comparing the signature on the credit card transaction form with the signature on the credit card or by viewing a driver’s license to ensure the photo matches the cardholder and the name on the license matches the name on the credit card. Thus, the court determined traditional stores have no genuine need to collect personal identification information.

Alternatively, online retailers do not have these safeguards against fraud when selling an electronically downloadable product. Because the online retailer is unable to visually inspect the credit card, the signature on the back of the card, or the customer’s photo identification, the court found that the antifraud mechanisms contained in §1747.08(a) have no practical application to online retailers that sell electronically downloadable products.

Importantly, Apple v. Superior Court does not apply to online transactions that do not involve electronically downloadable products or to any other transactions that do not involve in-person, face-to-face interaction between the customer and retailer. Time will tell if other exceptions will fall in line.

In dissent, Justice Joyce L. Kennard said the majority decision is “a major win for these sellers, but a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy.” Kennard was displeased with the majority’s departure from the unanimous holding in Pineda and with its trespass on the Legislature’s “domain” by ruling far outside the statute’s plain language to carve an exception for online retailers.

Justice Marvin R. Baxter also dissented, arguing that the majority’s decision is contrary to the terms, purpose and legislative history of §1747.08(a). Baxter maintained that the “statutory terms reflect a legislative determination that heightened privacy interests in personal information such as addresses and telephone numbers outweigh the necessity or usefulness of such information for any supposed fraud prevention purpose in card-not-present transactions.” He found no support for the majority’s assumption that the legislative intent underlying the statute extends to protecting consumers and retailers from fraud or that Apple’s request for addresses and telephone numbers was necessary to combat fraud.

It will be interesting to see what transpires next in terms of a judicial and legislative response.